GOLISMERO Framework – The Web Knife

March 31, 2017 | Views: 4022

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Hello Everyone,

Today on the behalf of Legion group I would like to make a tutorial on GOLISMERO The Web Knife.

Actually one of my friends told me that, “theharvester or golismero.py. Both of those tools are excellently written scripts for crawling domains for information that deserves mention”.

This amazing method is used for Information-Gathering process/Security-testing/technique.

What is Golismero?

I was talking with one of my friend Gee4rce and he told me about this tool. He told me that Golismero is a collection of tools which are usually used seperately to scan for Vulnerabilities. In this Toolbox we have OpenVAS, (etc.) – all theese are vulnerability scanners. By using a vulnerability scanner, you automate the process of vulnerability scanning and mostly get the results back in a Report. Golismero combines some of the most powerfull OpenSource or free for use tools curently availible. With this, you have all these tools in one place, combined in Golismero.

Why Golismero?

I know your first question will be why we should use Golismero when we have some amazing tools for pentesting? Right?

So, my answer is simple:-

1. First is of course that it is Opensource Tool/Framework.

2. Second, is as most of us know this, their are many other tools are available in market that we can use, then you will love to hear that we can attach other tools like: Nmap, xsser, openvas, dnsrecon and theharvester]reports in this Golismero Framework.

3. This Framework is now available for all platforms, it doesn’t matter if you are Windows, Linux or Mac user we can use it in any Operating System now.

4. We don’t need to download/install any other dependency except PYTHON dependency because it just needs python to run.

5. It is also integrated with CVE and OWASP so it will easy for us to use them now.
[For report’s]


Just follow these simple steps:

1.apt-get install python2.7 python2.7-dev python-pip python-docutils git perl nmap sslscan

2.cd /opt

3.git clone https://github.com/golismero/golismero.git

4.cd golismero

5.pip install -r requirements.txt

6.pip install -r requirements_unix.txt

7.ln -s /opt/golismero/golismero.py /usr/bin/golismero 

Then just exit and we have done.

For More Info Go: HERE

So, I am dividing this tutorial into 2 parts. The 1st one is this. I will just introduce this tool, and in next tutorial, I will Demonstrate on Live website.


So, Basic command is of course  -h 

golismero -h

A. 1st command is:

golismero scan <target>

Example:-“golismero.py scan http://www.example.com

So now it will run with all default options and show the report on standard output.

B. 2nd command is:-

golismero scan <target> –audit-name <name>

We can also set a name for your audit using audit-name attribute

C. 3rd command is:-

golismero scan <target> -o <output file name>

We can produce reports in different file formats. Example in .html , .php or in .txt etc. and you can write as many files as you want.

D. 4th command is:-

golismero scan -i nmap_output.xml -o Report.html

We can Grab Nmap results scan all hosts found and write an HTML report.

Golismero Available plugins

To display the list of available plugins:

golismero plugins

See you in my next tutorial Friends

It took me 1 Hour to make this tutorial, But it will take only 1 sec. to leave a review/reply here. Please comment if you like this tutorial. 

Please subscribe my channel:- https://www.youtube.com/c/Pentestingwithspirit

Please Like/Follow me on Facebook:-https://facebook.com/Pentestingwithspirit

Please Follow me on twitter:-https://twitter.com/spirit3113

Join me here:-https://crackingforums.net/member.php?action=register&referrer=45

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. very good article. Do you know if the report hang bug is intended to get fixed? what has been your work around?

    • Sorry but my English is weak, i didn’t get what are you talking about. Can your please elaborate?

      • the application hangs just before it writes a report. it is a known bug but others have worked around it. I was wondering if you have had that problem and if so, what you did to work around it.

  2. Good info, thanks for posting.

  3. Was always curious about Golismero but never really used it since i was pretty happy with my tool set, but now that you have explained its usage so well i might just give this a try. Thanks.

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?